If you missed the blog roll, check below 👇🏼 https://emsroute.com/2025/05/09/cloud-native-endpoints/ Before moving to Cloud-Native, let's discuss the current phase where many organizations are possibly in at the moment. Entra Hybrid Joined state. This is the most common state I've seen in the organizations. What usually starts out as a PILOT or a POC to test … Continue reading 2. Cloud Native Endpoints: Why are You on Entra Hybrid Joined Today?
Author: Shehan Perera
I’m a self driven and passionate individual about Windows Server management, Cloud strategies, Azure, Microsoft 365, Exchange Server, Microsoft Teamwork, Microsoft Infrastructure technologies, ITIL standards, end user support and a passion for troubleshooting.
I strongly believe my skills in different layers in IT Infrastructure during the last 10 years has immensely helped me to become the person I am today and I embrace it and loving every second of it.
Why Defendnot is a Wake-up Call? A Ground Level Analysis
TL;DR If you are in the Security world, I believe you have heard all about Defendnot and how lethal it can be. The TL;DR is, Defendnot is a research project (by es3n1n), which is a tool that silently disables Defender AV when a 3rd party AV is not installed in the endpoint. When it's successfully … Continue reading Why Defendnot is a Wake-up Call? A Ground Level Analysis
🚨Important update for Intune Admins!
As you may already know, the Intune Connector that is used for Entra Hybrid Join is getting deprecated at the end of June 2025. Announcement: 🔗Read all about this important change here 💡Why? As a part of Microsoft's Secure Future Initiative, this will strengthen the account security. A Managed Service Account (MSA) will be used instead … Continue reading 🚨Important update for Intune Admins!
1. Cloud-Native Endpoints: Intro
This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal. 💡Value of going Hybrid? ➡You have the immediate opportunity to use Entra and Intune-related policies and settings.➡You are already making an effort to move … Continue reading 1. Cloud-Native Endpoints: Intro
OAuth App Governance
How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance
Configure Windows LAPS in Intune – March 2025 Update
Local Admin Password Solution has come a long way and the March 2025 Update (Service release 2503) had some good enhancements for the solution. Randomizing the LAPS username is one of them. Rather than enabling the local Administrator account or creating a special admin account for LAPS, having an auto randomizing username sounds confusing to … Continue reading Configure Windows LAPS in Intune – March 2025 Update
Let’s Get Started with Security Copilot
Why Security Copilot? Copilot is everywhere these days. I often make this joke, Is there a Copilot for Copilot? Maybe a dull joke. But jokes aside, Copilot continues proving that this is the way forward for everything Microsoft. AI technology is inevitable, and using it in the responsible way is the right thing to do. … Continue reading Let’s Get Started with Security Copilot
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
Making Identity and Access Management More Resilient with Microsoft Entra ID
As organizations are moving the Identity Infrastructure from on-prem to cloud, it is important to understand "what could go wrong" and how to be resilient so the identity-related activities will continue to work with minimum or less downtime. The identity strategy should have some key components when it comes to resilience and identify and document … Continue reading Making Identity and Access Management More Resilient with Microsoft Entra ID
How to Change Intune Security Baseline Policy to Version 24H2?
Intune Security Baseline for Windows 10 and later Version 24H2 is finally here. This is a quick look at the policy and useful details on migration to the new policy. What you will see in the Security Baselines nowWhat's Available in Version 24H2Migrating from 23H2 BaselineTest Before Applying!Useful Links What you will see in the … Continue reading How to Change Intune Security Baseline Policy to Version 24H2?
🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
In this episode, we discuss:- The transformation of SC-400 to SC-401,- An amazing resource on the DSPM for AI journey,- The new version of IntuneMaps (Version 3),- A new web-series to assist in your Intune cloud migration journey,- and... a special guest announcement for Episode 3. https://www.youtube.com/watch?v=6FvzfEOSHaE&feature=youtu.be Tune in and let us know what you … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Excited to bring the Out of Band: A Microsoft Security Podcast EP01 - Boots on Ground.In this episode, we discuss:- The Microsoft Summer Bootcamp highlights and the overall experience,- Microsoft Secure Future Initiative and what it means to Windows and the overall ecosystem, and- We navigate a password hash synchronization challenge and how to resolve … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
This is 2025 and going Passwordless or using long-lived (365 days) passwords is the recommendation. However, this has been a question for most customers wherever I go. But if you ask, everyone is using their own way to work around this. One popular method is notifying users of the password expiry like a set of … Continue reading Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
🎙High time for a Podcast – Out of Band
The name was coined as a little play to the Windows patch updates - "Out of Band Updates". We are 3 tech professionals talking about all things Microsoft Security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months and finally, we were able to sit down … Continue reading 🎙High time for a Podcast – Out of Band
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
My 2024 LinkedIn Rewind and Thank you!
https://coauthor.studio/rewind was awesome as it just collates all the LinkedIn activities. And as 2024 is coming to an end, it is always to look back what you have accomplished and what impact you have had on the community. Looking forward to 2025! I would like to thank everyone who is reading my blogs and getting … Continue reading My 2024 LinkedIn Rewind and Thank you!
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
Inspecting Microsoft Defender Attack Surface Reduction Rules
What I will be covering in this article 👇🏽 Not a How, but more of a WhyProactive Prevention Vs. Reactive DetectionThe Ever-Expanding Attack SurfaceWhy Does Attack Surface Management Matter? - Painting the Picture With An ExampleA Good Rollout RoadmapPolicy Exceptions - Experience From the FieldPlanning the DeploymentLet's Categorize the RulesUnderstanding the ASR Rule ModesIf You … Continue reading Inspecting Microsoft Defender Attack Surface Reduction Rules
▶️Video – New Intune Device Preperation. A Step by Step Guide
This is the 1st step by step guide on my YouTube Channel. I wanted to dedicate this to the new Intune Device Preparation process. AKA Autopilot V2. I've added a couple of useful links in the description. I hope you'll like this video. Subscribe to my channel for the latest content! Thank you :) https://www.youtube.com/watch?v=5JxF9gneqw4
I May Have Finally Launched my YouTube Channel
This is something I wanted to do from a long time and I guess finally I did it. Launching my own YouTube channel. I gave a lot of thought to planning the goal of this channel and what content I want to bring in and I'm so excited to share my knowledge in this form … Continue reading I May Have Finally Launched my YouTube Channel
EMS Route 